diff --git a/cmd/drone-autoscaler/main.go b/cmd/drone-autoscaler/main.go
index 6df0313..5d60dfd 100644
--- a/cmd/drone-autoscaler/main.go
+++ b/cmd/drone-autoscaler/main.go
@@ -322,6 +322,7 @@ func setupProvider(c config.Config) (autoscaler.Provider, error) {
 			amazon.WithVolumeThroughput(c.Amazon.VolumeThroughput),
 			amazon.WithIamProfileArn(c.Amazon.IamProfileArn),
 			amazon.WithMarketType(c.Amazon.MarketType),
+			amazon.WithInstanceMetadataTokens(c.Amazon.IMDSTokens),
 		), nil
 	case os.Getenv("OS_USERNAME") != "":
 		return openstack.New(
diff --git a/config/config.go b/config/config.go
index 95ace89..8764dc0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -145,6 +145,7 @@ type (
 			VolumeThroughput int64  `envconfig:"DRONE_AMAZON_VOLUME_THROUGHPUT"`
 			IamProfileArn    string `envconfig:"DRONE_AMAZON_IAM_PROFILE_ARN"`
 			MarketType       string `envconfig:"DRONE_AMAZON_MARKET_TYPE"`
+			IMDSTokens       string `envconfig:"DRONE_AMAZON_IMDS_TOKENS"`
 		}
 
 		DigitalOcean struct {
diff --git a/drivers/amazon/create.go b/drivers/amazon/create.go
index 89d3f43..4e84859 100644
--- a/drivers/amazon/create.go
+++ b/drivers/amazon/create.go
@@ -100,6 +100,13 @@ func (p *provider) create(ctx context.Context, opts autoscaler.InstanceCreateOpt
 	tags := createCopy(p.tags)
 	tags["Name"] = opts.Name
 
+	var metadataOptions *ec2.InstanceMetadataOptionsRequest
+	if p.imdsTokens != "" {
+		metadataOptions = &ec2.InstanceMetadataOptionsRequest{
+			HttpTokens: aws.String(p.imdsTokens),
+		}
+	}
+
 	in := &ec2.RunInstancesInput{
 		KeyName:               aws.String(p.key),
 		ImageId:               aws.String(p.image),
@@ -109,6 +116,7 @@ func (p *provider) create(ctx context.Context, opts autoscaler.InstanceCreateOpt
 		InstanceMarketOptions: marketOptions,
 		IamInstanceProfile:    iamProfile,
 		UserData:              aws.String(base64.StdEncoding.EncodeToString(buf.Bytes())),
+		MetadataOptions:       metadataOptions,
 		NetworkInterfaces: []*ec2.InstanceNetworkInterfaceSpecification{
 			{
 				AssociatePublicIpAddress: aws.Bool(!p.privateIP),
diff --git a/drivers/amazon/option.go b/drivers/amazon/option.go
index 6684dfe..e7908dc 100644
--- a/drivers/amazon/option.go
+++ b/drivers/amazon/option.go
@@ -152,6 +152,13 @@ func WithIamProfileArn(t string) Option {
 	}
 }
 
+// WithInstanceMetadataTokens returns an option to set the instance metadata service tokens requiment.
+func WithInstanceMetadataTokens(t string) Option {
+	return func(p *provider) {
+		p.imdsTokens = t
+	}
+}
+
 // WithMarketType returns an option to set the instance market type.
 func WithMarketType(t string) Option {
 	return func(p *provider) {
diff --git a/drivers/amazon/provider.go b/drivers/amazon/provider.go
index 62234a8..31cc46d 100644
--- a/drivers/amazon/provider.go
+++ b/drivers/amazon/provider.go
@@ -37,6 +37,7 @@ type provider struct {
 	tags             map[string]string
 	iamProfileArn    string
 	spotInstance     bool
+	imdsTokens       string
 }
 
 func (p *provider) getClient() *ec2.EC2 {